Whilst also writing my dissertation this week, I have been carrying out a security and privacy review for Octagon Technology. Normally I do it in January each year (during my holiday in Aviemore away from distractions) but three things have happened this month to cause me to look now rather than later:
- We have taken on an apprentice
- I gave a talk about Multi-Factor Authentication
- I attended a webinar that discussed privacy and Microsoft 365
Change is always the number one reason to look at your security arrangements. Taking on a new member of staff is a major change for any business. Octagon already has a robust and well used “work from anywhere” set of policies and procedures as we have not had an office since 2007 and “working from anywhere” is what we do. Many clients over the years have benefitted from this experience and knowledge as have some new clients we have gained during the last few months of critical business change.
The issue for our new apprentice is that we cannot use our previous apprentice procedures as they cannot work with “social distancing” and current best working practices. This meant a redesign of our SharePoint structure and authorisation as we have strict access rules to data depending on role and in this case probationary period. The final structure was arrived at following a number of management meetings on Teams to determine what was needed.
Whilst working on SharePoint authentication and authorisation for one job I reviewed the current set-up for everyone and everything – discussing the set-up with team members and making changes as required.
The back-up arrangements for our Microsoft 365 were checked by the technical staff – this is important as Microsoft does not back-up the online information, we (you) have to do that for ourselves (yourself). The system our company geeks researched and now use for us, and for our clients, is the best I have seen.
It has been decided to review our policy on Multi-Factor Authentication (MFA). From Monday this week any member of our team will review any online service they use on behalf of the company and if MFA is available it will be used. This has meant Martin, our Senior Engineer has had to allocate time for his engineers from helping our clients to helping Octagon’s less technical staff with these tasks – including setting-up burner accounts and full documentation (stored in our encrypted technical database).
A review of the “BYOD” listed in the company inventory is scheduled for all staff to complete this week.
These were just some of the highlights. There were other things I investigated, reviewed and in some cases updated, but as they are confidential I cannot share them with you. However, I can look at the same things for you as part of a security and privacy review – arrange a time with Kamila.
I have said “I” in many places in this blog – but “I” actually was in meetings with various team members to work out what was best for the company and what was private and secure – documenting it – and then getting our Microsoft 365 manager to implement the changes. It was a team effort – I only had to do the talking!
Clive
(CIO at Octagon Technology)
Clive has worked at Octagon Technology since 1995. His special responsibility for data privacy and security is a commitment and promise he wants to deliver to his clients. Therefore, to understand these issues better and to keep his knowledge up to date he is currently finishing his MSc in Advanced Computer Security and Digital Forensics from Napier University and is writing his dissertation.
It has always been Clive’s ambition to deliver responsive and reliable technology. Therefore, he is always involved in designing, researching and testing technology solutions, particularly where more complex problems exist, to deliver the results their clients need.
To fully use Clive’s new Master’s degree in Computer Security, Clive and Diana have a joint venture with an international research company to get access for our clients to up to date information, schemas, analysis, templates, actionable tools and guidance. Whatever the size of your organisation if you are not approaching IT, security and privacy in a way that supports and benefits you, they can help, from the boardroom to the shop floor.
If you would like Clive to carry out a security review for you email me at kamila@octagontech.com to arrange a time.
Here is a link to the notes for the webinar Clive gave about MFA, as part of Octagon’s Free Friday initiative to share tech knowledge to help small businesses.
Kamila
General Manager
